A Ciphertext-Policy Attribute-based Encryption Scheme with Public Verification for an IoT-Fog-Cloud Architecture

Abstract: In large-scale Internet of Things (IoT) systems, IoT-Cloud is a scalable and practical way to achieve efficient data management by delegating data storage and management tasks to cloud service providers (CSPs). To cope with the low computing power and limited resources of IoT devices and the response latency of CSPs, recent works introduce an IoT-Fog-Cloud architecture. Yet existing attribute-based data sharing solutions, with their high computation requirements, are no longer suitable for this new architecture. In this paper, we propose a ciphertext-policy attribute-based encryption scheme for the architecture to address the above challenges. The expensive offline encryption is delegated to the fog by constructing an intermediate ciphertext pool with the help of a Chameleon hash function. A public verification is performed to filter out illegitimate ciphertexts before the decryption operation is executed. We provide a formal proof of security and extensive performance analyses, which demonstrate that the scheme is suitable for resource-constrained IoT devices.
